Stormshield Network SNMP event and alert (traps) format

SNMPv2-MIB traps

http://www.net-snmp.org/docs/mibs/snmpMIB.html#notifications

coldStart NOTIFICATION-TYPE

STATUS current

DESCRIPTION "A coldStart trap signifies that the SNMP entity, supporting a notification originator application, is reinitializing itself and that its configuration may have been altered."

::= { snmpTraps 1 }

warmStart NOTIFICATION-TYPE

STATUS current

DESCRIPTION "A warmStart trap signifies that the SNMP entity, supporting a notification originator application, is reinitializing itself such that its configuration is unaltered."

::= { snmpTraps 2 }

authenticationFailure NOTIFICATION-TYPE

STATUS current

DESCRIPTION "An authenticationFailure trap signifies that the SNMP entity has received a protocol message that is not properly authenticated. While all implementations of SNMP entities MAY be capable of generating this trap, the snmpEnableAuthenTraps object indicates whether this trap will be generated."

::= { snmpTraps 5 }

Traps managed by DISMAN-EVENT-MIB

To obtain the list of traps that are sent, you will need to use the MIB DISMAN-EVENT-MIB.

http://www.net-snmp.org/docs/mibs/dismanEventMIB.html

The tables mteTriggerTable and mteEventNotificationTable are the most useful.

 

Example of how to use an SNMP MIB lookup tool:

snmpwalk -v 2c -c public -M +/usr/local/share/snmp/mibs/ -m ALL 192.168.4.250 mteEventNotificationTable

....

DISMAN-EVENT-MIB::mteEventNotification."_snmpd".'_linkDown' = OID: IF-MIB::linkDown

DISMAN-EVENT-MIB::mteEventNotification."_snmpd".'_linkUp' = OID: IF-MIB::linkUp

....

To find out the conditions that trigger a trap, use mteTriggerTable (based on IF-MIB::ifOperStatus, etc.).

The following are the most useful traps:

IF-MIB::linkDown

IF-MIB::linkUp

You will find the descriptions of IF-MIB::linkDown and IF-MIB::linkUp at: http://www.net-snmp.org/docs/mibs/IF-MIB.txt

linkDown NOTIFICATION-TYPE

OBJECTS { ifIndex, ifAdminStatus, ifOperStatus }

STATUS current

DESCRIPTION "A linkDown trap signifies that the SNMP entity, acting in an agent role, has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state (but not from the notPresent state). This other state is indicated by the included value of ifOperStatus."

::= { snmpTraps 3 }

linkUp NOTIFICATION-TYPE

OBJECTS { ifIndex, ifAdminStatus, ifOperStatus }

STATUS current

DESCRIPTION "A linkUp trap signifies that the SNMP entity, acting in an agent role, has detected that the ifOperStatus object for one of its communication links left the down state and transitioned into some other state (but not into the notPresent state). This other state is indicated by the included value of ifOperStatus."

::= { snmpTraps 4 }

Stormshield Network Traps

.1.3.6.1.4.1.11256.1.5

Stormshield Network traps are defined in the MIB file STORMSHIELD-ALARM-MIB.txt.

time .0.1.1
srcif .0.1.2
src .0.1.5
dst .0.1.6
msg .0.1.11
 
time .1.1.1
srcif .1.1.2
src .1.1.4
dst .1.1.5
msg .1.1.10

NOTE
The notification "snsAMessage" contains the message associated with the alarm or the system event. Documentation on alarms is available online in the security KB, or accessible via the administration interface, in the System events module when you click on the Show help link for each event.
The descriptions of system alarms are also given in the section SYSTEM EVENTS > List of events.
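
The following is an added example, not part of the Stormshield documentation or MIB: a small decoder that names the standard SNMPv2-MIB traps and maps numeric varbind OIDs under .1.3.6.1.4.1.11256.1.5 to the field names listed above. It compares sub-identifiers as integers so that .0.1.1 (time) is never confused with .0.1.11 (msg). Assumptions: any sub-identifiers after the listed suffix are treated as an instance index, the two groups are keyed by their first sub-identifier (0 or 1), and the sample varbinds are constructed.

```python
# Added example: names standard traps and decodes Stormshield varbinds.
SNMP_TRAPS = "1.3.6.1.6.3.1.1.5"    # SNMPv2-MIB::snmpTraps
STANDARD = {1: "coldStart", 2: "warmStart", 3: "linkDown",
            4: "linkUp", 5: "authenticationFailure"}
SNS_BASE = "1.3.6.1.4.1.11256.1.5"  # base OID given on this page
# Suffixes as listed on this page, stored as integer tuples.
SNS_FIELDS = {
    (0, 1, 1): "time", (0, 1, 2): "srcif", (0, 1, 5): "src",
    (0, 1, 6): "dst", (0, 1, 11): "msg",
    (1, 1, 1): "time", (1, 1, 2): "srcif", (1, 1, 4): "src",
    (1, 1, 5): "dst", (1, 1, 10): "msg",
}

def split_oid(oid):
    """Turn '.1.3.6' or '1.3.6' into a tuple of ints."""
    return tuple(int(p) for p in oid.strip(".").split("."))

def trap_name(trap_oid):
    """Return the standard trap name for a snmpTrapOID value, else None."""
    parts, base = split_oid(trap_oid), split_oid(SNMP_TRAPS)
    if len(parts) == len(base) + 1 and parts[:len(base)] == base:
        return STANDARD.get(parts[-1])
    return None

def decode_sns(varbinds):
    """Map (oid, value) pairs under SNS_BASE to {group: {field: value}}."""
    base, out = split_oid(SNS_BASE), {}
    for oid, value in varbinds:
        parts = split_oid(oid)
        if parts[:len(base)] != base:
            continue                    # not a Stormshield object
        rest = parts[len(base):]
        # Assumption: sub-identifiers after the first three are an instance index.
        field = SNS_FIELDS.get(rest[:3])
        if field:
            out.setdefault(rest[0], {})[field] = value
    return out

# Constructed sample varbinds (not captured from a device).
SAMPLE = [
    (".1.3.6.1.4.1.11256.1.5.0.1.1.0", "2024-01-01 00:00:00"),
    (".1.3.6.1.4.1.11256.1.5.0.1.5.0", "192.0.2.10"),
    (".1.3.6.1.4.1.11256.1.5.0.1.11.0", "constructed alarm text"),
    (".1.3.6.1.2.1.2.2.1.8.3", "2"),    # IF-MIB::ifOperStatus, ignored
]

if __name__ == "__main__":
    print(trap_name("1.3.6.1.6.3.1.1.5.5"))
    print(decode_sns(SAMPLE))
```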